AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
The amp infamous download12/29/2023 ![]() "Once they identified Equifax's systems as vulnerable, actually exploiting the vulnerability to gain access to the Equifax servers and network will unfortunately have been relatively easy," says van Schaik, who recently discovered and disclosed a different Apache Struts bug. Penetration testers and other security researchers say that it would have been simple for an attacker to exploit the flaw and get into the system. But observers say the ongoing discoveries increasingly paint a picture of negligence-especially in Equifax's failure to protect itself against a known flaw with a ready fix. And as security journalist Brian Krebs first reported, a web portal for handling credit-report disputes from customers in Argentina used the embarrassingly inadequate credentials of "admin/admin." Equifax took the platform down on Tuesday. Even then, the site that Equifax set up in response to address questions and offer free credit monitoring was itself riddled with vulnerabilities. ![]() The company took six weeks to notify the public after finding out about the breach. It didn't.Īs the security community processes the news and scrutinizes Equifax's cybersecurity posture, numerous doubts have surfaced about the organization's competence as a data steward. In other words, the credit-reporting giant had more than two months to take precautions that would have defended the personal data of 143 million people from being exposed. Capping a week of incompetence, failures, and general shady behavior in responding to its massive data breach, Equifax has confirmed that attackers entered its system in mid-May through a web-application vulnerability that had a patch available in March.
0 Comments
Read More
Leave a Reply. |